Down the Security Rabbithole, The BlogThis is a collection of my thoughts and ideas, and anything expressed here is unrelated to anything in real life and does not represent opinions of clients, employers or colleagues. If it feels a little bit like stream-of-consciousness, it probably is.

Sunday, March 14, 2010

Security Threat Reset - Isn't It About Time?

Fair warning - if you're too politically correct to accept a good rant on the cold, hard truth - don't read this entry. Move along, the government cheese and political correctness you so desire will return shortly.

So the threat level has been no lower than "Orange" at the airports since what ... fall of 2001?

At some point we have to grow out of the paranoia the TSA is hoping we continue to live in (more on that in a moment) and just come to grips with the fact that we're facing a daily threat. That threat is either from radicalized Muslims, domestic terrorists, or others who for one reason or another want to see us dead. Let's just come to grips and accept the fact that there is constant evil in the world. Let's come to grips with the facts that US foreign policy, coupled with being labeled as "westerners" and having unacceptable social policies like giving our women equality with men - well those just aren't acceptable to some peoples living in the dark ages.

Now, having accepted that we can start to do some real security domestically, digitally. Here are just a few things that I am compelled to share in light of some of the insanity that's been published lately. ...also I fly way too much, and live in the digital security industry to just ignore this crap.

First and foremost reset the "threat level" back to green ... why you ask? Simple - having it up at Orange for so long has begun to do the opposite of what was intended. People are starting to be de-sensitized to the Orange-ness... and if this happens then Orange is the new Green anyway. How many people actually walk around the airport with a heightened sense of security ... certainly not those out-of-shape, mental midgets wearing TSA badges.

1 word - profiling... Please spare me the petty arguments on how that may hurt someone's feelings - fact is it's done every day. You do it, I do it, and the folks monitoring the world's networks "on-the-wire" do it. There's an entire field of behavioral study in criminology that deals with how to effectively determine whether someone is prone to a certain behavioral pattern ... the political correctness police really need to take a back seat to our safety.

Cyber Shockwave was one of the biggest detriments to any real security on top of the idiocy already in Washington. As I've been shouting for forever now - the government's internal networks are getting raped repeatedly by foreign entities - now they're going to try and expand their "powers" to private industry? Are you serious? I'm going to go out on a limb here and say our private cellular infrastructure is better secured than the Pentagon. Quote me.

Security Theater (as we all know it) isn't fooling anyone. Those whole-body scanners, I shudder to say, are the first step to anything meaningful that we've done in airport security in decades. I say real security because obviously the TSA agent with his/her blue light autographing my boarding pass wasn't able to stop some ass-hat "radical" from boarding a flight with a bomb in his jock... right?

Do we really need another cyber-whatever-czar? I mean, seriously Obama's got someone appointed for everything ...No one wanted Howard's job ... it's like working for a manager that needs you to fill a position so you can be the scape-goat when crap goes south, but you won't actually get the power to avoid the crap-hitting-fan situation. Howard Schmidt can't succeed, partly because the government is incompetent, partly because his strategy is wrong - and partly because no one gives a sh** about some super-FUD government project aimed to scare people into readily giving away what tiny shreds of personal privacy (I know, I know it's a fallacy) we have left.

No comments:

About Me

Technology is pushing us along and becoming pervasive in our lives orders of magnitude faster than we can fully comprehend the ramifications of these changes.

Technology promises to change our lives, but at what price? The more heavily our daily lives rely on technology the greater the impact of a breach or a malicious attack. Our toasters can't kill us ... yet, but I suspect the day is coming.

As someone who has been involved in the defensive enterprise side of security for well over a decade, I emplore you to join me and focus our efforts on building better, more resilient systems which can not only support and enrich our lives, but also stand up to misuse and attack better.

Remember, prevention is a myth the snakeoil sales man sells. Real security comes from the ability to detect, respond, and resolve critical issues in a meaningful way.